In association with heise online

24 January 2011, 13:23

VLC Media Player 1.1.6 fixes critical vulnerabilities

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

VLC Logo The VideoLAN project developers have announced the release of version 1.1.6 of their VLC Media Player, a free open source cross-platform multimedia player for various audio and video formats. The seventh release of the 1.1.x branch of VLC is a maintenance and security update that includes various bug fixes and improvements.

VLC 1.1.6 addresses security issues in the Real demuxer, the subtitle decoder and two previously reported critical heap corruption vulnerabilities; these are in the relatively rarely used CDG format decoder. Using VLC to play manipulated video in this format could cause heap corruption, which could in turn be exploited to inject and execute malicious code. At the time of this posting, the VideoLAN security information page has yet to be updated.

Other changes include visualisation improvements for projectM and goom, PulseAudio output updates, faster WebM / VP8 decoding and support for audio/L24 in RTP. The update also includes fixes for Audio CD playback on Windows systems, Mac OS X SSA fontcache, as well as Qt4 and Media Keys processing improvements.

More details about the update can be found in the official release announcement and on the What's new in 1.1.6 page. VLC 1.1.6 is available to download from the project's home page for Windows, Mac OS X and Linux. VLC is released under version 2 of the GNU General Public License (GPLv2).

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit